WebApp Sec mailing list archives

Re: SQL Injection Tools

From: "Rick Zhong" <sagiko () gmail com>
Date: Mon, 23 Jun 2008 12:49:21 +0800

Hi,
I guess it is kind of difficult to find an almighty all-purpose sql
injection tool, simply because the vast varieties of SQL injection
attacks due to different databases, techniques and progamming language
APIs. You may want to go for more specialized classifications, for
example, absinthe and SQL Power Injector are good in blind SQL
injection testing while SQLninja and NBSI are good for ASP+MSSQL
applications. NGSS is very well-known for their Oracle vulnerability
research capabilities.

I have used/evaluated about half of those tools in that list, and SQL
Power Injector is most impressive to me. It might has a sharp learning
curve initially due to all the configuration and tuning, but it is
well-documented.

regards,
Rick Zhong
------------------------------------------------------------------------------------------------
Welcome to my blog - Informaiton (In)Security in Financial Industry
http://blog.rickzhong.com
------------------------------------------------------------------------------------------------



On Mon, Jun 23, 2008 at 8:23 AM, Serg B <sergeslists () gmail com> wrote:

Hi All,

Can anybody suggest a relatively reliable SQL injection tool?  Either
Open Source or proprietary - required for business use.  So far, I've
been clobbering all sorts of weird SQL strings manually, would be nice
to minimize the repetitive keyboard labor.

So far, I am going through this list:
http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners

If there is anything better out there, or if anybody thinks I should
concentrate on a particular tool from the list (link above), please
let me know.


Thanks,
  Serg

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------




-- 
Information (In)Security In Financial Industry: h44p://blog.rickzhong.com

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Current thread:

SQL Injection Tools Serg B (Jun 22)
- Re: SQL Injection Tools Rick Zhong (Jun 24)
- Re: SQL Injection Tools Jason Ross (Jun 24)
- Re: SQL Injection Tools oh oh (Jun 24)